Time Savings


QualysGuard® Questionnaire Service is a cloud-based solution that 
centralizes and automates the launch, tracking, review and approval of risk 
and compliance assessments. 


It reduces the cost and effort required to gather information from various 
stakeholders, helping organizations streamline and expand their vendor 
risk, IT risk and compliance assessment programs. 


Email/Spreadsheet Approach 


Design & Build 


Interactive Designer 


4h.


Assessment Use Cases


Asset Classification 


Identify what is critical for the business 
by looking at the type of information 
involved (PII, PHI, Credit Card info) and 
the regulations that apply. 


How: 

Ask business/technical owners or the 
entity being assessed what type of 
information is involved and how critical 
it is for the business. 
Launch & Track


Centralized Active/Stale


Risk and Compliance 


Verify that the company is in 
compliance with the requirements 
defined in internal policies or external 
regulations. 


How: 

Use questionnaires to test controls and 
collect evidence that a control is in 
place and is effective. 


Analyze & Report 


Aggregate and Report 


Vendor Risk 


Verify that vendors have proper 
security controls in place based on their 
criticality, and the type of information 
they have access to. 


How: 

Use questionnaires to assess vendors 
to verify that risks are mitigated and 
provide evidence that controls are
in place.


Functions and Features 


Integrated library of 500+ regulations, standards, guidelines 
and best practices from the Unified Compliance Framework 
make it easy to automatically build questionnaires 
encompassing multiple regulations or standards. 


Visual questionnaire designer enables analysts to 
interactively design questionnaires and define requirements for 
evidence, comments, or asset attachments. 


Assessment workflow provides the ability to automatically 
send assignment or reminder emails to questionnaire 
respondents, track progress, and communicate with external 
applications. 


Questionnaire responder provides subject matter experts an
easy-to-use interface to quickly and efficiently assign and
complete questionnaires, including attaching evidence by drag
and drop, and delegating questions, sections or even entire
questionnaires to others to complete.


Dashboards and reports provide insight into the progress,
compliance and risk posture of a single assessment or across a
defined set of assessments.


Operational view helps analysts identify questionnaires or
assessments that are approaching or past their due date,
as well as list those that are actively being worked on, or those
that are inactive.


[Screenshot: assessment overview for the "Supplier Security Self Assessment Questionnaire", showing completion status, due date, incomplete questions, completion burndown and activity stream.]


Questionnaire Dashboard 


MOST COMMON REGULATIONS AND MANDATES BY INDUSTRY 


INDUSTRY | REGULATION | STANDARD
ACROSS INDUSTRIES (Public Companies) | SOX - Sarbanes Oxley | ISO 27001 - ISO 27002, COBIT
HEALTHCARE | HIPAA | NIST 800-66
FEDERAL | FISMA and C&A | NIST 800-53, FIPS 199
FINANCIAL SERVICES (Banks, Credit Unions) | GLBA | FFIEC IT SECURITY HANDBOOK
ENERGY | FERC | NERC CIP
ACROSS INDUSTRIES (Retail, Credit Card Processing) | PCI | PCI


Pricing 


Key Component 


Unlimited number of questionnaires 

Full UCF access 

Unlimited number of responders 
Unlimited number of internal assessments 
Number of vendors (up to 500) 

Training included 

Support and upgrade included 

Starting package with one analyst 


Price per analyst 


Headquarters 

1600 Bridge Parkway 

Redwood City, CA 94065 USA 

T: 1 (800) 745 4355, info@qualys.com 
Please contact us for pricing


Volume Based 


Qualys is a global company with offices around the world. To find an office near you, visit http://www.qualys.com/contact 